Leekspin Documentation
Open Table Of Contents

Table Of Contents

Table Of Contents

Source code for leekspin.rsa

# -*- coding: utf-8 -*-

"""OpenSSL RSA key utilities."""


from __future__ import print_function
from __future__ import absolute_import

import logging

import OpenSSL.crypto

from leekspin import tls



[docs]class OpenSSLKeyGenError(Exception):
    """Raised when there is a problem generating a new key."""




[docs]def createRSAKey(bits=1024):
    """Create a new RSA keypair.

    The current keysize for OR RSA keys is 1024 bits.

    :param int bits: The bitlength of the keypair to generate.
    :raises OpenSSLKeyGenError: If key creation failed.
    :rtype: :class:`OpenSSL.crypto.PKey`
    :returns: An RSA keypair of bitlength ``bits``.
    """
    key = OpenSSL.crypto.PKey()
    logging.info("Generating new RSA keypair...")
    key.generate_key(OpenSSL.crypto.TYPE_RSA, bits)
    if not key.check():
        raise OpenSSLKeyGenError("Couldn't create new RSA 1024-bit key")
    return key



[docs]def createKey(selfsign=True, digest='sha1'):
    """Create a set of public and private RSA keypairs and corresponding certs.

    :param bool selfsign: If ``True``, use the private key to sign the public
       certificate (otherwise, the private key will only sign the private
       certificate to which it is attached).
    :param str digest: The digest to use.
    :raises OpenSSLKeyGenError: If key creation failed.
    :rtype: 4-tuple
    :returns: (private_key, private_cert, public_key, public_cert)
    """
    privateKey  = createRSAKey()
    privateCert = tls.attachKey(privateKey,
                                tls.createTLSCert(),
                                selfsign=selfsign)
    publicKey   = privateCert.get_pubkey()
    # We do not want to self-sign the public certificate because the signing
    # would be done by the attached key, which in this case is the public one.
    publicCert  = tls.attachKey(publicKey,
                                tls.createTLSCert(),
                                selfsign=False)
    logging.debug("Created new secret keypairs and certs: key=%r cert=%r"
                  % (privateKey, privateCert))
    logging.debug("Created new public keypairs and certs: key=%r cert=%r"
                  % (publicKey, publicCert))

    if selfsign:
        # Now we need to sign the publicCert with the privateKey:
        logging.debug("Signing public cert %r with private key %r"
                      % (publicCert, privateKey))
        publicCert.sign(privateKey, digest)

    return (privateKey, privateCert, publicKey, publicCert)